Vulnerability DatabaseCVE-2023-6857
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-6857
December 19, 2023
When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Related ResourcesĀ (10)
https://www.mozilla.org/security/advisories/mfsa2023-54/
https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html
https://www.mozilla.org/security/advisories/mfsa2023-56/
https://www.debian.org/security/2023/dsa-5581
https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html
https://security.gentoo.org/glsa/202401-10
https://www.debian.org/security/2023/dsa-5582
https://www.mozilla.org/security/advisories/mfsa2023-55/
https://bugzilla.mozilla.org/show_bug.cgi?id=1796023
https://security-tracker.debian.org/tracker/CVE-2023-6857
Do you need more information?
Contact Us
CVSS v4
Base Score:
6
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE
Weakness Type (CWE)
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-362
EPSS
Base Score:
0.25